Re: Origin router and X-Forwarded-For

Thu, 12 Oct 2017 04:16:24 -0700

Title: Re: Origin router and X-Forwarded-For
Hi Marcello Lorenzi.

have you used -servername in s_client?

The ssl solution is based on sni ( https://en.wikipedia.org/wiki/Server_Name_Indication )

Regards
Aleks

on Donnerstag, 12. Oktober 2017 at 13:02 was written:


 Hi All,
thanks for the response and we checked the configuration. If I tried to check the certificated propagate with the passthrough configuration with openssl s_client  and the certificate provided is the wilcard domain certificate and not the pod itself. Is it normal?

Thanks,
Marcello

On Thu, Oct 12, 2017 at 10:34 AM, Aleksandar Lazic <[email protected]> wrote:

 Hi.

Additionally to joel suggestion can you also use reencrypted route if you want to talk encrypted with apache webserver.

https://docs.openshift.org/3.6/architecture/networking/routes.html#re-encryption-termination

Regards
Aleks

on Mittwoch, 11. Oktober 2017 at 15:51 was written:


 Sorry I meant it say, it *cannot modify the http request in any way.
On Thu, 12 Oct 2017 at 12:51 am, Joel Pearson <[email protected]> wrote:

 Hi Marcelo,

If you use Passthrough termination then that means that OpenShift cannot add the X-Forwarded-For header, because as the name suggests it is just passing the packets through and because it’s encrypted it can modify the http request in anyway.

If you want X-Forwarded-For you will need to switch to Edge termination.

Thanks,

Joel
On Thu, 12 Oct 2017 at 12:27 am, Marcello Lorenzi <[email protected]> wrote:

 Hi All,
we tried to configure a route on Origin 3.6 with a Passthrough termination to an Apache webserver present into a single POD but we can't notice the X-Forwarded-Header to Apache logs. We tried to capture it without success.

Could you confirm if there are some method to extract it from the POD side?

Thanks,
Marcello
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
--
Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au
--
Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to